Lucene search
K

92 matches found

securityvulns
securityvulns
added 2009/03/15 12:0 a.m.75 views

[oCERT-2008-015] glib and glib-predecessor heap overflows

2008-015 glib and glib-predecessors heap overflows Description: Base64 encoding and decoding functions in glib suffer from vulnerabilities during memory allocation which may result in arbitrary code execution when processing large strings. A number of other GNOME-related applications which predat...

7.5CVSS0.6AI score0.05523EPSS
Exploits1
securityvulns
securityvulns
added 2009/02/10 12:0 a.m.45 views

[oCERT-2009-002] OpenCORE insufficient bounds checking during MP3 decoding

2009-002 OpenCORE insufficient bounds checking during MP3 decoding Description: OpenCORE, an open source multimedia decoding subsystem, suffers from an integer underflow during Huffman decoding resulting in improper bounds checking when writing to a heap allocated buffer. Decoding a specially...

6.8CVSS0.9AI score0.02195EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2009/01/15 12:0 a.m.27 views

Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : openssl (SSA:2009-014-01)

New openssl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue when connecting to an SSL/TLS server that uses a certificate containing a DSA or ECDSA key. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

5.8CVSS7.3AI score0.05146EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2008/10/02 12:0 a.m.31 views

FreeBSD : mplayer -- multiple integer overflows (724e6f93-8f2a-11dd-821f-001cc0377035)

The oCERT team reports : The MPlayer multimedia player suffers from a vulnerability which could result in arbitrary code execution and at the least, in unexpected process termination. Three integer underflows located in the Real demuxer code can be used to exploit a heap overflow, a specific vide...

9.3CVSS6.2AI score0.10852EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2008/09/12 12:0 a.m.25 views

Fedora 9 : poppler-0.8.1-2.fc9 (2008-7012)

Security fix: Add upstream patch for CVE-2008-2950 / oCERT-2008-007 - use of an uninitialized pointer to call free in Page::Page 454277 http://www.ocert.org/advisories/ocert-2008-007.html Bug fixes: Fix crash when reading QuadPoints 448516 Use static FTLibrary in CairoOutputDev, as dynamic may...

7.5CVSS7.2AI score0.14253EPSS
Exploits2References4
Tenable Nessus
Tenable Nessus
added 2008/09/10 12:0 a.m.39 views

Fedora 9 : xine-lib-1.1.15-1.fc9 (2008-7512)

This release fixes multiple bugs and security issues: - DoS via corrupted Ogg files CVE-2008-3231 - multiple possible buffer overflows detailed in oCERT-2008-008 For more details, see: http://sourceforge.net/project/shownotes.php?releaseid=619869&groupi d=9655...

10CVSS5.4AI score0.05748EPSS
Exploits1References16
securityvulns
securityvulns
added 2008/09/02 12:0 a.m.28 views

[oCERT-2008-014] WordNet stack and heap overflows

2008/08/25 2008-014 WordNet stack and heap overflows Description: The WordNet 3.0 Unix library and command-line interface suffer from a number of stack overflows due to their handling of command line arguments, environment variables and data read from user supplied dictionaries. The oCERT team wa...

3.5AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2008/08/08 12:0 a.m.19 views

Fedora 8 : poppler-0.6.2-2.fc8 (2008-7104)

Security fix: Add upstream patch for CVE-2008-2950 / oCERT-2008-007 - use of an uninitialized pointer to call free in Page::Page 454277 http://www.ocert.org/advisories/ocert-2008-007.html Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...

7.5CVSS7.2AI score0.14253EPSS
Exploits2References4
securityvulns
securityvulns
added 2008/08/01 12:0 a.m.78 views

[oCERT-2008-009] libxslt heap overflow

2008/07/31 2008-009 libxslt heap overflow Description: The libexslt library bundled with libxslt is affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is present in the rc4 encryption/decryption functions. An arbitrary length string, passed as a...

7.5CVSS1.8AI score0.12789EPSS
Exploits2
securityvulns
securityvulns
added 2008/07/10 12:0 a.m.53 views

[Full-disclosure] #2008-007 libpoppler uninitialized pointer - POC

hi. I was in doubt about releasing this because of there is no official patch. I suppose at this point anyone could accomplish the same thing so, again I'm in doubt. A friend once told me that if in doubt take your pants off. I've already tried that and I didn't earn no resolution to my conflict...

7.5CVSS7.9AI score0.14253EPSS
Exploits2
securityvulns
securityvulns
added 2008/07/09 12:0 a.m.55 views

[oCERT-2008-007] libpoppler uninitialized pointer

2008/07/07 2008-007 libpoppler uninitialized pointer Description: The poppler PDF rendering library suffers a memory management bug which leads to arbitrary code execution. The vulnerability is present in the Page class constructor/destructor. The pageWidgets object is not initialized in the Page...

7.5CVSS1.4AI score0.14253EPSS
Exploits2
securityvulns
securityvulns
added 2008/06/10 12:0 a.m.76 views

[oCERT-2008-006] multiple SNMP implementations HMAC authentication spoofing

2008/06/09 2008-006 multiple SNMP implementations HMAC authentication spoofing Description: Some SNMP implementations include incomplete HMAC authentication code that allows spoofing of authenticated SNMPv3 packets. The authentication code reads the length to be checked from sender input, this...

10CVSS0.7AI score0.6879EPSS
Exploits7
Rows per page
Query Builder